X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsecurity.php;h=2063bdd16253d56b19343e62c02ba01520cd60ac;hb=ac1ff6c8ce9f23eebf5e53ce799c3b8b84d6de93;hp=64f32bd55e237ae4d1b362376bfb1929996b25ec;hpb=daa1177e3a1e42b4c95e0a8759f1610942b952c7;p=friendica.git diff --git a/include/security.php b/include/security.php index 64f32bd55e..2063bdd162 100644 --- a/include/security.php +++ b/include/security.php @@ -8,10 +8,11 @@ use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\PConfig; use Friendica\Core\System; -use Friendica\Database\dba; -use Friendica\Database\DBM; +use Friendica\Database\DBA; +use Friendica\Model\Contact; use Friendica\Model\Group; use Friendica\Util\DateTimeFormat; +use Friendica\Model\PermissionSet; /** * @brief Calculate the hash that is needed for the "Friendica" cookie @@ -100,8 +101,8 @@ function authenticate_success($user_record, $login_initial = false, $interactive $master_record = $a->user; if ((x($_SESSION, 'submanage')) && intval($_SESSION['submanage'])) { - $user = dba::selectFirst('user', [], ['uid' => $_SESSION['submanage']]); - if (DBM::is_result($user)) { + $user = DBA::selectFirst('user', [], ['uid' => $_SESSION['submanage']]); + if (DBA::isResult($user)) { $master_record = $user; } } @@ -113,38 +114,38 @@ function authenticate_success($user_record, $login_initial = false, $interactive 'nickname' => $master_record['nickname']]]; // Then add all the children - $r = dba::select('user', ['uid', 'username', 'nickname'], + $r = DBA::select('user', ['uid', 'username', 'nickname'], ['parent-uid' => $master_record['uid'], 'account_removed' => false]); - if (DBM::is_result($r)) { - $a->identities = array_merge($a->identities, dba::inArray($r)); + if (DBA::isResult($r)) { + $a->identities = array_merge($a->identities, DBA::toArray($r)); } } else { // Just ensure that the array is always defined $a->identities = []; // First entry is our parent - $r = dba::select('user', ['uid', 'username', 'nickname'], + $r = DBA::select('user', ['uid', 'username', 'nickname'], ['uid' => $master_record['parent-uid'], 'account_removed' => false]); - if (DBM::is_result($r)) { - $a->identities = dba::inArray($r); + if (DBA::isResult($r)) { + $a->identities = DBA::toArray($r); } // Then add all siblings - $r = dba::select('user', ['uid', 'username', 'nickname'], + $r = DBA::select('user', ['uid', 'username', 'nickname'], ['parent-uid' => $master_record['parent-uid'], 'account_removed' => false]); - if (DBM::is_result($r)) { - $a->identities = array_merge($a->identities, dba::inArray($r)); + if (DBA::isResult($r)) { + $a->identities = array_merge($a->identities, DBA::toArray($r)); } } - $r = dba::p("SELECT `user`.`uid`, `user`.`username`, `user`.`nickname` + $r = DBA::p("SELECT `user`.`uid`, `user`.`username`, `user`.`nickname` FROM `manage` INNER JOIN `user` ON `manage`.`mid` = `user`.`uid` WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?", $master_record['uid'] ); - if (DBM::is_result($r)) { - $a->identities = array_merge($a->identities, dba::inArray($r)); + if (DBA::isResult($r)) { + $a->identities = array_merge($a->identities, DBA::toArray($r)); } if ($login_initial) { @@ -154,8 +155,8 @@ function authenticate_success($user_record, $login_initial = false, $interactive logger('auth_identities refresh: ' . print_r($a->identities, true), LOGGER_DEBUG); } - $contact = dba::selectFirst('contact', [], ['uid' => $_SESSION['uid'], 'self' => true]); - if (DBM::is_result($contact)) { + $contact = DBA::selectFirst('contact', [], ['uid' => $_SESSION['uid'], 'self' => true]); + if (DBA::isResult($contact)) { $a->contact = $contact; $a->cid = $contact['id']; $_SESSION['cid'] = $a->cid; @@ -164,10 +165,10 @@ function authenticate_success($user_record, $login_initial = false, $interactive header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] . '"'); if ($login_initial || $login_refresh) { - dba::update('user', ['login_date' => DateTimeFormat::utcNow()], ['uid' => $_SESSION['uid']]); + DBA::update('user', ['login_date' => DateTimeFormat::utcNow()], ['uid' => $_SESSION['uid']]); // Set the login date for all identities of the user - dba::update('user', ['login_date' => DateTimeFormat::utcNow()], + DBA::update('user', ['login_date' => DateTimeFormat::utcNow()], ['parent-uid' => $master_record['uid'], 'account_removed' => false]); } @@ -178,7 +179,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive * The cookie will be renewed automatically. * The week ensures that sessions will expire after some inactivity. */ - if ($_SESSION['remember']) { + if (!empty($_SESSION['remember'])) { logger('Injecting cookie for remembered user ' . $a->user['nickname']); new_cookie(604800, $user_record); unset($_SESSION['remember']); @@ -224,7 +225,7 @@ function can_write_wall($owner) } else { $cid = 0; - if (is_array($_SESSION['remote'])) { + if (!empty($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $visitor) { if ($visitor['uid'] == $owner) { $cid = $visitor['cid']; @@ -242,12 +243,12 @@ function can_write_wall($owner) AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", intval($owner), intval($cid), - intval(CONTACT_IS_SHARING), - intval(CONTACT_IS_FRIEND), - intval(PAGE_COMMUNITY) + intval(Contact::SHARING), + intval(Contact::FRIEND), + intval(Contact::PAGE_COMMUNITY) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $verified = 2; return true; } else { @@ -298,11 +299,7 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) */ if (!$remote_verified) { - $r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1", - intval($remote_user), - intval($owner_id) - ); - if (DBM::is_result($r)) { + if (DBA::exists('contact', ['id' => $remote_user, 'uid' => $owner_id, 'blocked' => false])) { $remote_verified = true; $groups = Group::getIdsByContactId($remote_user); } @@ -323,9 +320,9 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) ) ", intval($remote_user), - dbesc($gs), + DBA::escape($gs), intval($remote_user), - dbesc($gs) + DBA::escape($gs) ); } } @@ -342,12 +339,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul * * default permissions - anonymous user */ - $sql = " AND `item`.allow_cid = '' - AND `item`.allow_gid = '' - AND `item`.deny_cid = '' - AND `item`.deny_gid = '' - AND `item`.private != 1 - "; + $sql = " AND NOT `item`.`private`"; // Profile owner - everything is visible if ($local_user && ($local_user == $owner_id)) { @@ -360,37 +352,15 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul * If pre-verified, the caller is expected to have already * done this and passed the groups into this function. */ - if (!$remote_verified) { - $r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1", - intval($remote_user), - intval($owner_id) - ); - if (DBM::is_result($r)) { - $remote_verified = true; - $groups = Group::getIdsByContactId($remote_user); - } - } - if ($remote_verified) { - - $gs = '<<>>'; // should be impossible to match + $set = PermissionSet::get($owner_id, $remote_user, $groups); - if (is_array($groups) && count($groups)) { - foreach ($groups as $g) { - $gs .= '|<' . intval($g) . '>'; - } - } - - $sql = sprintf( - " AND ( `item`.private = 0 OR ( `item`.private in (1,2) AND `item`.`wall` = 1 - AND ( NOT (`item`.deny_cid REGEXP '<%d>' OR `item`.deny_gid REGEXP '%s') - AND ( `item`.allow_cid REGEXP '<%d>' OR `item`.allow_gid REGEXP '%s' OR ( `item`.allow_cid = '' AND `item`.allow_gid = ''))))) - ", - intval($remote_user), - dbesc($gs), - intval($remote_user), - dbesc($gs) - ); + if (!empty($set)) { + $sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))"; + } else { + $sql_set = ''; } + + $sql = " AND (NOT `item`.`private`" . $sql_set . ")"; } return $sql;